Plug and Prey: Malicious USB Devices – irongeek.com
This paper is meant as an overview of malicious USB devices. The paper will first lay out a proposed set of categories for malicious USB devices, how these categories function, how they differ, and how they can be used by an attacker.

OWASP Appsec Tutorial Series pt. 1 – youtube.com
The first episode in the OWASP Appsec Tutorial Series. This episode describes what the series is going to cover, why it is vital to learn about application security, and what to expect in upcoming episodes.

Malware Attribute Enumeration & Characterization v1.1 released – vulnerabilitydatabase.com
International in scope and free for public use, MAEC™ is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

The Social-Engineer Toolkit v1.2 “Shakawkaw” Released – secmaniac.com
This version of SET does not include any new attack vectors; however, it does incorporate two new exploits from Metasploit, has some bug fixes, but most importantly introduces a significant step in allowing individuals to build and automate additions onto the toolkit.

Techniques

Alexa Illustrates Web Security Risks (part 2) – research.zscaler.com
I wanted to circle back and close the loop from my original post on this. First, not surprisingly, I’m not the only one to have taken note of malicious sites landing in Alexa.

PDF security under the microscope: A review of OMG-WTF-PDF – nakedsecurity.sophos.com
At the end of last year, while preparing for the presentation I gave at the Virus Bulletin conference, I intentionally avoided reading other papers about PDF security by other researchers because I felt that it would confuse my talk.

8 gdb tricks you should know – blog.ksplice.com
Despite its age, gdb remains an amazingly versatile and flexible tool, and mastering it can save you huge amounts of time when trying to debug problems in your code. In this post, I’ll share 10 tips and tricks for using GDB to debug most efficiently.

Nmap 5.50: Now with Gopher protocol support – seclists.org
Hi folks! It has been a year since the last Nmap stable release (5.21) and six months since development version 5.35DC1, so I’m pleased to release Nmap 5.50! I’m sure you’ll find that it was worth the wait!

Basic .Net Reversing Part-2 – blog.kaffenews.com
As promised in the first part, in the 2nd part of the series we will crack the crack me used in the first tutorial using .NET Reflector.

Praeda Release – foofus.net
PercX has been furiously hacking multi-function printers, and the result is a new tool called Praeda. Praeda is used to interrogate printers from a variety of manufacturers in an effort to gain information about a target network, or compromise credentials.

Vulnerability

Microsoft MHTML Script Injection Vulnerability
Microsoft warned today that hackers have published instructions for attacking a previously unknown security hole in all versions of Windows that could be exploited to siphon user data or trick users into installing malicious code.

Is the answer more InfoSec Conferences – blog.thinkst.com
I’m not saying that InfoSec Conferences are bad (although many a battered liver would disagree), but what I am saying is that we don’t seem to be improving our security posture at the same rate as we seem to be growing our conferences. Something is not right here.

Erasing drives should be quick and easy – computer-forensics.sans.org
In the past years, I have seen many, many false and misleading statements about what is needed to securely erase or wipe a hard drive.

Egypt Unplugged from the Internet – krebsonsecurity.com
As many readers no doubt know, the Egyptian government on Thursday severed the nation’s ties with the rest of the Internet, in an apparent effort to disrupt political protests calling for an end to the 30-year rule of Egyptian leader Hosni Mubarak.

Ethics of password cracking/dissemination – skullsecurity.org
Anyway, this post is going to cover some of the pros and cons of what I do, and why I think that I’m doing the right thing, helping the world, etc.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.